• Postfix
• How_reject_sender_login_mismatch_works

Postfix/How_reject_sender_login_mismatch_works

From http://archives.neohapsis.com/archives/postfix/2009-08/0006.html

The postfix documentation regarding reject_sender_login_mismatch:

• http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch

• http://www.postfix.org/SMTPD_ACCESS_README.html

Specifically the reject_authenticated_* and reject_unauthenticated_* forms, would greatly benefit from this small snippet from the mailing list archives:

• http://archives.neohapsis.com/archives/postfix/2009-01/0523.html

I was really not clear on how this worked until finding this.

Although I'm still not sure why the reject_authenticated_* one is useful.

~~~~~~~~~~~~~~~~ snippet from mail archives ~~~~~~~~~~~~~~~~

to sum up:

• if foo@example.com can only be used by user 'foo', then use reject_sender_login_mismatch

• if foo@example.com must be authenticated (but you don't care who the user is), then use reject_unauthenticated_sender_login_mismatch

• if foo@example.com can be used (without auth) OR (if auth'ed, the user must be 'foo'), then use reject_authenticated_sender_login_mismatch

<advanced>

you can implement this on a per sender basis using a check_sender_access with a map that returns one of the above depending on the sender.

smtpd_sender_restrictions =
       check_sender_access hash:/etc/postfix/access_sender_login

== access_sender_login:
joe@example.com reject_sender_login_mismatch
jim@example.com reject_authenticated_sender_login_mismatch
jane@example.com reject_unauthenticated_sender_login_mismatch
foo@example.com DUNNO
example.com reject_sender_login_mismatch

</advanced>